$ cd /home/Lu/

Keep-learning Lu

06 Dec 2019

Apache2 Configuration on Server (Debian 9)

Before We Start:

Since I have stupidly misconfigure my websites (to meet the 502 error), I finally figured out the way to configure Apache. This passage will start with Apache installation.


  1. Prerequisites
  2. Apache Installation
  3. UFW (Firewall) Modification
  4. Web Server Verification
  5. Appache Processing Management
  6. Virtual Host Setting
  7. Apache Files and Directories
  8. Certbot: Get Your Site on https://

1. Prerequisites

Before the instruction, you are supposed to have a regular user (not root) but equiped with sudo authority on your server. In addition, you need to enable a basic firewall to block unnecessary ports. You can follow our Debian 9 initial server setup guide to learn how to configure regular user accounts and set up a firewall for your server.

If you have an account available, log in as a non-root user to get started.

2. Apache Installation

Apache is in the list of default software on Debian, so we can easily install it with the traditional package management tools.

Let's start by updating the local package index to reflect the latest upstream changes:

sudo apt update

Then, install the package apache2:

sudo apt install apache2

After confirming the installation, apt will install Apache and all required dependencies.

3. UFW (Firewall) Modification

Before testing Apache, it is necessary to modify the firewall settings to allow external access to the default web port. Assuming you follow the instructions in the prerequisites, you should configure the UFW firewall to restrict access to the server.

During the installation process, Apache registers itself with UFW to provide some application configuration files that can be used to enable or disable access to Apache through the firewall.

Type the following to list the ufw application configuration files:

sudo ufw app list
Available applications:
. . . 
 WWW Cache
 WWW Full
 WWW Secure
. . . 

Apache configuration files begin with WWW:

WWW: This profile only opens port 80 (normal, unencrypted web traffic) WWW cache: This profile only opens port 8080 (sometimes used for caching and web proxy) WWW Full: This profile opens port 80 (normal, unencrypted web traffic) and port 443 (TLS / SSL encrypted traffic) WWW Secure: This profile only opens port 443 (TLS / SSL encrypted traffic)

We recommend that you enable the most restrictive profile that still allows you to configure the traffic. Since we have not configured SSL for our server in this guide, we only need to allow traffic on port 80:

sudo ufw allow 'WWW'

You can type the following to verify the changes:

sudo ufw status

You should see allowed HTTP traffic in the output shown:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
WWW                        ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
WWW (v6)                   ALLOW       Anywhere (v6)

As you can see, the profile has been activated to allow access to the web server.

4. Web Server Verification

At the end of the installation process, Debian 9 launched Apache. The web server should be up and running.

Check the systemd init system to ensure that the service is running by typing the following:

sudo systemctl status apache2
●** apache2.service - The Apache HTTP Server
  Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: 
  Active: **active (running)** since Tue 2019-12-03 21:57:09 UTC; 1h 3min ago
 Process: 5580 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS
 Process: 5505 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/S
 Process: 5588 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCE
 Main PID: 5592 (apache2)
  CGroup: /system.slice/apache2.service
​      ├─5592 /usr/sbin/apache2 -k start
​      ├─6496 /usr/sbin/apache2 -k start
​      └─6526 /usr/sbin/apache2 -k start

Dec 03 21:57:09 ns3293207 systemd[1]: Starting The Apache HTTP Server...
Dec 03 21:57:09 ns3293207 systemd[1]: Started The Apache HTTP Server.

From this output, it appears that the service has started successfully. However, the best way to test this method is to request a page from Apache.

You can visit the default Apache login page to confirm that the software is functioning normally through your IP address. If you don't know the server's IP address, there are several different methods you can get from the command line.

Try typing at the server's command prompt:

hostname -I

You will get some addresses separated by spaces. You can try each in a web browser to see if they work.

Another method is to use the curl tool, which can give you a public IP address as seen from other locations on the Internet.

First, install curl using apt:

sudo apt install curl

Then, use curl to retrieve icanhazip.com using IPv4:

curl -4 icanhazip.com

Once you have your server's IP address, enter it into your browser's address bar:


You should see the default Debian 9 Apache web page, which shows that “It works."

This page indicates that Apache is running normally. It also includes some basic information about important Apache files and directory locations.

5. Appache Processing Management

Now that you have your web server up and running, let's have a look at some basic administrative commands.

To stop the web server, type:

sudo systemctl stop apache2

To start it when the web server is stopped, type:

sudo systemctl start apache2

To stop and start the service again, type:

sudo systemctl restart apache2

If you are just making configuration changes, Apache can usually reload without dropping the connection. To do this, use the following command:

sudo systemctl reload apache2

By default, Apache is configured to start automatically when the server boots. If this is not what you want, disable this behavior by typing:

sudo systemctl disable apache2

To re-enable the service to start at startup, type:

sudo systemctl enable apache2

Apache should now start automatically when the server starts again.

6. Virtual Host Setting

When using an Apache web server, you can use a virtual host (similar to a server block in Nginx) to encapsulate configuration details and host multiple domains from a single server. We will set up a domain name lynnislu.com, but you should replace it with your own domain name.

Apache on Debian 9 has a server block enabled by default, configured to serve documentation from the /var/www/html directory. Although this applies to a single site, it can become difficult to handle if you host multiple sites. Don't modify /var/www/html, let's create a directory structure at /var/www of lynnislu.com website, and leave /var/www/html as the default directory if the client request does not match any other website. For me, I mkdirfor lynnislu.com and bb.lynnislu.com.

Create a directory for example.com as shown below, using the -p flag to create any required parent directories:

sudo mkdir -p /var/www/lynnislu.com/html
sudo mkdir -p /var/www/bb.lynnislu.com/html

Next, use the $USER environment variable to assign ownership of the directory:

sudo chown -R $USER:$USER /var/www/lynnislu.com/html

If you haven't modified the unmask value, the permissions of the web root directory should be correct, but you can make sure by typing:

sudo chmod -R 755 /var/www/lynnislu.com

Next, create a sample index.html page using nano or your favorite editor:

nano /var/www/lynnislu.com/html/index.html

Inside, add the following example HTML:


        <title>Welcome to lynnislu.com!</title>
        <h1>Success!  The lynnislu.com server block is working!</h1>

Save and close the file when you are finished.

In order for Apache to serve this content, the virtual host file must be created with the correct instructions. Do not directly modify the default configuration file located at /etc/apache2/sites-available/000-default.conf. Instead, create a new file at /etc/apache2/sites-available/lynnislu.com.conf:

Paste in the following configuration block, similar to the default configuration block, but updated for our new directory and domain name:


<VirtualHost *:80>
    ServerAdmin luxu_lynn@hotmail.com
    ServerName lynnislu.com
    ServerAlias www.lynnislu.com
    DocumentRoot /var/www/lynnislu.com/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

Please note that we have updated DocumentRoot to a new directory and ServerAdmin to an email accessible to the lynnislu.com site administrator. We also added two directives: ServerName, which establishes the base domain that should match this virtual host definition; ServerAlias, which defines more names that should match, as if they were base names.

Save and close the file when you are finished.

Let's use a2ensite to enable the site configuration file.

sudo a2ensite lynnislu.com.conf

And to avoid the conflict, let's disable the default site configured by 000-default.conf

sudo a2dissite 000-default.conf

Now we can test simply the configuration files (Only syntax).

sudo apache2ctl configtest

The output:

Syntax OK

Restart your Apache to apply the configuration.

sudo systemctl restart apache2

Apache now is serving for your domain name, well, I can navigate to http://www.lynnislu.com to test it. For you, it depends on your domain name.

7. Apache Files and Directories

Now that you know how to manage the Apache service itself, you should take a few minutes to familiarize yourself with some important directories and files, which is so important.


/var/www/html: The actual web content by default only contains the default Apache page you saw before, which is provided under the /var/www/html directory. This can be changed by changing the Apache configuration file.

server configuration

/etc/apache2: Apache configuration directory. All Apache configuration files reside here. /etc/apache2/apache2.conf: The main Apache configuration file. It can be modified to change the Apache global configuration. This file is responsible for loading many other files in the configuration directory.

/etc/apache2/ports.conf: This file specifies the ports that Apache will listen on. By default, Apache listens on port 80 and additionally listens on port 443 when modules that provide SSL capabilities are enabled.

/etc/apache2/sites-available/: A directory where virtual hosts per site can be stored. Apache does not use configuration files in this directory unless they are linked to the sites-enabled directory. Normally, all server block configuration is done in this directory and then enabled by linking to other directories using the a2ensite command.

/etc/apache2/sites-enabled/: Directory that stores per-site virtual hosts that are enabled. Usually, these are created by using a2ensite to link to a configuration file in the sites-available directory. Apache reads configuration files and links in this directory when it starts or reloads to compile the full configuration.

/etc/apache2/conf-available/, /etc/apache2/conf-enabled/: These directories have the same relationship as the sites-available and sites-enabled directories, but are used to store configuration snippet virtual hosts that do not belong to a. You can use the a2enconf command to enable files in the conf-available directory, and use the a2enconf command to disable these a2disconf.

/etc/apache2/mods-available/, /etc/apache2/mods-enabled/: These directories contain available and enabled modules, respectively. Files ending in .load contain fragments for loading specific modules, and files ending in .conf contain the configuration of these modules. Modules can be enabled and disabled using the a2enmod and a2dismod commands.

Server log

/var/log/apache2/access.log: By default, every request to the web server will be recorded in this log file unless Apache is configured to perform other operations.

/var/log/apache2/error.log: By default, all errors are logged in this file. The LogLevel directive in the Apache configuration specifies how much detail the error log will contain.

You can use command tail -f <log_filename>to check the log.

8. Certbot: Get Your Site on https://

Here is the easiest way to get your site on https://.

Well, just go to the website, Certbot.

comments powered by Disqus